Directory User Identification | Teradata Vantage - 17.10 - About Directory User Identification - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Release Date
July 2021
Content Type
Administration
Security
Publication ID
B035-1100-171K
Language
English (United States)

When the directory authenticates a database user, TDGSS searches for user information in the directory based on the directory username specified in the logon. Directories use distinguished names (DNs) to uniquely name each directory user object, for example:

cn=ab111222,ou=northamerica,ou=useraccounts,dc=div,dc=corp,dc=com

However, requiring users to enter the entire DN can result in logon errors. In addition, the database may be able to log only part of the DN, due to object name length limitations.

To avoid having to enter the entire DN, it is common practice to allow users to specify the simple form of the username in a logon string, for example:

ab111222

The authentication process links the simple username to the DN in the directory.

Although it is generally good practice, allowing the use of simple usernames in the database logon string can present problems:

  • Some directories do not allow a simple username in the logon string and force users to enter the entire DN at logons.
  • Directories that do allow simple usernames may not efficiently bind them to the correct DNs.